The use of computers has matured to the point where they are often relied upon to store and process sensitive information. Even banking functions such as fund transfers and dispensing of cash are now often controlled with computers. Naturally, such computers are attractive targets to interlopers wishing to gain unauthorized entry; particularly in systems that interact with users directly.
To provide for the needed security, computer systems that permit electronic "dial-up" access generally control the access by identifying each authorized user with a secret password which is communicated to the computer during the initial protocol between the user and the computer system. The password is most commonly sent through a typewriter-like terminal, through a key pad similar to that of a touch-tone telephone, or through a credit card-like device that contains an electronically readable magnetic strip.
Unfortunately, these means for user authentication are often not very effective against a sophisticated interloper.
One way in which a password's integrity can be compromised is by gaining access to the password file within the host computer. This can occur, for example, by corrupting the computer operator. However, this is the most risky approach for an interloper and is, therefore, generally not a problem. Also, access to the password file can be made quite difficult by encrypting the file.
A second way in which a password's integrity can be compromised is by intercepting the user's communication with the computer. This can be done by wiretapping and eavesdropping of the protocol between the user and the computer and recording the password as it is transmitted. Alternatively, the computer's "log on" protocol can be mimiced, thereby tricking the user into divulging the password.
A third, and the most common way, in which a password's integrity is lost is through misuse of the password by the user. Computer users tend to be careless by selecting passwords that are relatively easy to guess. Sometimes users lend their passwords to others and forget to change them. Even having the computer system select the passwords does not solve the problem, because the resulting passwords are often so obscure that users tend to write them down and keep them in physical proximity to the teminals. Of course, that makes unauthorized access even easier.
Various systems are found in the art for reducing the risk of password exposure.
W. P. Flies, in U.S. Pat. No. 4,297,569 issued Oct. 27, 1981 describes a key-like device that is small enough to be carried on the person of the user. That device, carrying microelectronic memory circuits is adapted to be inserted or otherwise connected to a computer and to make its data available to the system. This data forms the secret password, which can be as complex as the memory circuits permit.
The disadvantage of the Flies key-like device, paralleling the problem of conventional door keys, lies in the fact that a possessor of the key can copy the information it carries. Also, the Flies device does not circumvent the wiretapping problem.
A similar concept is described by J. Dethloff in U.S. Pat. No. 4,105,156 issued Aug. 8, 1978, where the key-like device is shown in the form of a credit card. Rather than mere memory circuits, the Dethloff device contains a microprocessing unit, a memory unit for controlling the microprocessor and a separate memory for storing the password. The desired password is entered into the separate memory once, and the path to that memory is burned to permanently prevent reading or altering the password memory through the port by which the password was entered. The card communicates with the host computer only through its I/O port which is connected to the microprocessor. The Dethloff device divulges its password only when the correct query sequence is presented at its I/O port, but such a query can be designed to be so complex as to make the password practically unattainable by a possessor of the card.
The Dethloff device remedies the main drawback of the Flies device, but it is still subject to compromise through eavesdropping and/or protocol mimicing.
S. T. Kent, et al., in an article entitled "Personal Authentication System for Access Control to the Defense Data Network," Conference Record of Eascon, pp. 89-93, describe a system aimed to prevent the compromise of passwords through wiretapping. They suggest a challenge-response scheme where the computer system issues a challenge to the user, who must generate a response that is some function of the challenge. For example, a user may be required to transform a random numeric challenge into a response based on knowledge of some secret parameter and an algorithm (which may or may not be secret). The system has available both the secret parameter and the algorithm, so it can perform the calculation to verify the response submitted by the user.
The Kent, et al., proposal suggests the use of both a memorized password and an authenticating device. The authenticating device is an encryption key, either recorded on a magnetic-type card or stored in an inexpensive device containing the Data Encryption Standard (DES) algorithm adopted by the U.S. Bureau of Standards.
The problem with the Kent, et al., system is that a possessor of the authenticating device containing the encryption key can duplicate the key, resulting in the memorized password being the sole barrier to unauthorized access.
In an article entitled "Password Authentication with Insecure Communication," Communications of the ACM, November, 1981, Vol. 24, No. 11, pp. 770-772, L. Lamport suggests the use of encryption functions as the challenge-response pairs. Lamport suggests that the host computer choose a sequence of passwords x.sub.1,x.sub.2, . . . ,x.sub.1000, where x.sub.i is the password by which the user identifies himself for the i.sup.th time. The system must know the sequence y.sub.1,y.sub.2, . . . , y.sub.1000, where y.sub.i =F(x.sub.i) and the y.sub.i are distinct to prevent an intruder from reusing a prior password. The function F is a one-way mapping function which encrypts the password x and is such that each user password is the value needed by the system to authenticate the next password.
The Lamport system is quite powerful because each communication between the user and the host computer is unique and the function F, which is employed to authenticate the password, cannot be deciphered. The drawback of the Lamport system, however, is that the set of passwords is fixed apriori and is finite. That means that after a fixed number of communications the user must be given a new set of password functions.